Usually the desktop shortcut points to ccleaner.exe which hands it off to ccleaner64. While we've not been informed whether the handoff happens before or after the malware loads, the staff (volunteer moderators) is speaking with Admins (Piriform employees like Tom (OP)) in a separate place.
I clearly see my Desktop shortcut pointing to the 64-bit exe but rather than going into why my desktop shortcut is pointing to it, instead of as you say, the non-64-bit .exe - would you please instead just take a look at these attached shortcut screenshots and confirm that there is a 100% certainty that running the shortcuts in the screenshots below and those shortcuts only, would *not* have activated the infection in any way?
Thank you. You know I don't know where you are getting that 64-bit system shortcuts are pointing to the non-64-bit exe, but can you investigate this and see if other people's shortcuts also point to 64-bit exe because if they do like on my system, you should probably put that front and center that 64-Bit system users have nothing to worry about.
I am just a little concerned about the statement "ccleaner.exe which hands it off to ccleaner64" - can you please confirm that launching CCleaner64.exe does not *ever in any way* launch CCleaner.exe.
In other words the infection on 64-Bit systems can only take place if a user actually manually browses to the installation folder and for some strange unknown reason manually activates CCleaner.exe instead of CCleaner64.exe?
Is it me or am I totally wrong in my approach, CCleaner has been one of several programs used in my arsenal for the sole purposes in the attaining and/or achievement of as much privacy and security as reasonably possible.
CCleaner usage assists in both cleaning and deleting of web history and remnants of computer usage, and now further too, being recently acquired by Avast, who positions itself as an IT security provider.
Very ironic that, now of all times, we find that CCleaner has been hacked with a trojan, how incredulous is that, but wait it's only purported to be approx. 3% of the millions of users who have trusted CCleaner and Piriform.
I purposely chose to continue with Win 7 until its final death due to its stability and the failing issues with upgrades 8, 8.1, 10 from Microsoft, the same was said for CCleaner, until now.
Performance gives credibility and integrity to suppliers, not waiting 5 days or more to notify users via a back door, not to mention the facts that millions of worldwide computer users are NOT all totally knowledgeable of the IT world.
At this point I would welcome a clear and definite answer (have my details been leaked) and what procedures should I further take now, other than a Full scan for Malware?
From my personal research on this issue, it's not a trojan in the strictest sense, it had a payload but that payload was not activated, and its ability to be activated has been effectively disabled, and with the update the payload no longer exists so no, your information has not been compromised.
Well see that's why it's important to clarify that. CCleaner.exe is infected and Ccleaner64.exe is not.
Why does the 64-Bit version even install CCleaner.exe if it is not used at all on 64-Bit systems which use Ccleaner64.exe instead? If CCleaner.exe is never launched then there is no infection. But why is Ccleaner.exe even there on 64-Bit systems, what is its purpose, if it's never launched by the Desktop shortcut which clearly points to Ccleaner64.exe?
So you guys talked about the manual execution of the 32-bit file and how unlikely this is. As stated in a former post, I probably opened CCleaner.exe instead of CCleaner64.exe as I used the portable version of 5.33.6162 on my 64-bit Windows 10. I did not take notice of it, because no matter what, CCleaner always ran in 64-bit mode on my system.
The question now is, am I affected by this issue as I opened CCleaner.exe manually on my 64-bit system? Could Pirisoft clarify? What do others think?
I doubt CCleaner64.exe was not infected, indirectly or otherwise. I have suffered two separate credit card fraud attacks during the period version 5.33 was active. No such problem for years previously in any of my online banking transactions. Possibly a coincidence, but I don't think that's likely.
I have checked my 64-bit Windows 10 and even though I do have the compromised installer (I've still got it saved) and did install 5.33 I do not have that registry entry.
So the answer seems to be to check for this registry entry.
If you do not have this registry entry then you were not infected.
My wife's PC was hit with a similar problem this morning when she started it up. ZoneAlarm caught it and treated it. Problem is that it is a Windows Home 7 SP1 64-bit machine running Ccleaner Pro 64-bit (and, yes, now that it hit me a few minutes ago, I went back to her PC and it was running 6162 which I have now upgraded). However, my similar machine got hit some 4 hours later, ZoneAlarm caught it and I was able to catch some info before I had to reboot after ZA treated something called "Backdoor.Win32.Infecleaner.a". When you reboot, before complete startup, I got prompted to let Piriform start up the Ccleaner monitor (never asked before). I said "NO" and am now running normally without the Ccleaner monitor running. My PC is Windows 8 64-bit OS. Starting Ccleaner from the desktop reveals it is: 6162 bit version. I have attached 2 printscreens... hope they come through to you. Am going to update Ccleaner.
Further to my last post... it now appears that my Ccleaner's ability to update has been damaged (see printscreens). I will continue to try to get it done.